Skip to content

[#1924] Add Android voting delegation proof and submission#1950

Merged
nullcopy merged 13 commits into
mainfrom
greg/voting-delegation-proof
May 12, 2026
Merged

[#1924] Add Android voting delegation proof and submission#1950
nullcopy merged 13 commits into
mainfrom
greg/voting-delegation-proof

Conversation

@greg0x

@greg0x greg0x commented May 12, 2026
edited by true-jared
Loading

Copy link
Copy Markdown
Collaborator

Part of zodl-inc/zodl-android#2193.
Slice of #1924 (umbrella draft PR being split into reviewable pieces).
Stacked on #1942 (PR 4 — delegation setup + governance PCZT prep).
Resolves MOB-1109

Draft: still iterating locally; opened early so reviewers can start tracking the delegation finish.

Why

Fifth slice of the Android shielded-voting integration. PR 4 (#1942) lands the
delegation setup primitives, hotkey, and governance PCZT/sighash prep. This PR
finishes the delegation half of the workflow: enabling client-pir, persisting
witnesses, running PIR precompute, generating the delegation proof with progress
reporting, and producing the signed submission payload (including the
Keystone-supplied-signature variant).

No public Synchronizer voting API is added.

What's in

  • client-pir feature on zcash_voting is now enabled; lockfile delta is mostly
    the PIR transport stack (pir-client, pir-types, valar-ypir,
    valar-spiral-rs, hyper-rustls).
  • New JNI surface for the delegation finish: witness storage, PIR precompute,
    proof + progress callback, signed submission, Keystone-signature submission.
  • New voting/progress.rs module hosting JniProgressReporter; the only
    per-thread JNI attach pattern in the voting backend so far.

On the VotingDbBackend seam

The typesafe Kotlin layer gains an internal VotingDbBackend interface and a
pass-through RustVotingDbBackend wrapper so TypesafeVotingBackendImpl is
unit-testable without JNI. It lands here because PR 5 is the first slice with
byte-array-typed result models that need size/count validation; PR 6–8 will
extend the same surface as more typed FFI arrives, so introducing it now
avoids a retroactive horizontal refactor later. Happy to split into a tiny
infra PR if a reviewer prefers.

Not included

  • Snapshot wallet notes / note witnesses (PR 6).
  • Vote tree / VAN / vote commitment / cast-vote payloads (PR 7).
  • Delegation tx hash store/lookup and recovery state (PR 8).

Review focus

Primary review track: core-dev. Secondary: mobile-app-dev.

  • zcash_voting client-pir feature transitive graph (Cargo.lock delta).
  • PIR client construction (connect_pir_client) and SDK boundary for network
    errors.
  • progress.rs threading and lifetime — attach_current_thread per callback,
    GlobalRef ownership, exception-clear after failed Java call.
  • verify_delegation_submission_sig semantics for the Keystone variant: rk
    parsed as a redpallas VerificationKey<SpendAuth>, identity rejected, sig
    re-verified over the supplied sighash.
  • require_witnesses_match_bundle invariants (count, root, position, duplicate
    commitments) before persisting to the voting DB.
  • Re-entry guard on VotingDb: progress callbacks must not call back into the
    same handle while the access mutex is held.
  • Typed DelegationProofResult / DelegationSubmissionResult byte/list size
    invariants enforced by the typesafe layer.

Note: delegationProofResultFixtureNative and storeDelegationProofFixtureNative
are JNI fixtures used by androidTest. Open to moving these behind a debug-only
artifact if reviewers prefer.

Validation

  • cargo check --manifest-path backend-lib/Cargo.toml --locked
  • cargo fmt --manifest-path backend-lib/Cargo.toml --check
  • ./gradlew :backend-lib:compileReleaseKotlin :sdk-lib:compileReleaseKotlin
  • ./gradlew ktlint detektAll
  • ./gradlew checkProperties
  • git diff --check

Author

  • Self-review your own code in GitHub web interface
  • Add automated tests as appropriate
  • Update the manual tests as appropriate
  • Check the code coverage report for the automated tests
  • Update documentation as appropriate
  • Run the demo app and try the changes
  • Pull in the latest changes from the main branch and squash your commits before assigning a reviewer

Reviewer

  • Check the code with the Code Review Guidelines checklist
  • Perform an ad hoc review
  • Review the automated tests
  • Review the manual tests
  • Review the documentation as appropriate
  • Run the demo app and try the changes

@greg0x greg0x marked this pull request as ready for review May 12, 2026 14:52
noop-sk
noop-sk reviewed May 12, 2026
View reviewed changes
Comment thread sdk-lib/src/main/java/cash/z/ecc/android/sdk/internal/TypesafeVotingBackendImpl.kt
Comment thread backend-lib/src/main/rust/voting/progress.rs Outdated
noop-sk
noop-sk reviewed May 12, 2026
View reviewed changes
Comment thread sdk-lib/src/main/java/cash/z/ecc/android/sdk/internal/TypesafeVotingBackend.kt Outdated
Comment thread backend-lib/src/main/rust/voting/delegation.rs
Comment thread backend-lib/src/main/rust/voting/progress.rs
Base automatically changed from greg/voting-delegation-prep to main May 12, 2026 15:04
greg0x
greg0x commented May 12, 2026
View reviewed changes
Comment thread backend-lib/src/main/rust/voting/json.rs Outdated
nullcopy
nullcopy reviewed May 12, 2026
View reviewed changes
Comment thread backend-lib/src/main/rust/voting/delegation.rs Outdated
Comment thread backend-lib/src/main/rust/voting/delegation.rs
Comment thread backend-lib/src/main/rust/voting/helpers.rs Outdated
greg0x added 3 commits May 12, 2026 18:22
@greg0x
Use typed JNI models for delegation proof flow
7e83c56
@greg0x
Gate JNI test fixtures behind android-test-fixtures cargo feature
e4458b8
@greg0x
Drop JSON across voting JNI boundary
173060e 
Finishes the typed-JNI cutover started by the prior fixups by removing the
last JSON-serialized payload (governance PCZT result) and the helper module
that supported it. With this commit no voting JNI surface uses
serde_json — every input and output crosses the boundary as a typed Jni*
model.

- Convert buildGovernancePcztJsonNative -> buildGovernancePcztNative and
  return a typed JniGovernancePczt instead of a JSON string.
- Drop voting/json.rs entirely; the typed builders in helpers.rs and the
  Jni* models in JniVotingModels.kt replace JsonGovernancePczt.
- Drop the serde and serde_json dependencies from backend-lib's Cargo.toml;
  no Rust code under voting uses them anymore.
- TypesafeVotingDbImpl no longer parses JSONObject — it consumes
  JniGovernancePczt directly via toGovernancePcztResult().
@greg0x greg0x force-pushed the greg/voting-delegation-proof branch from 6ecc93d to 173060e Compare May 12, 2026 16:24
@greg0x greg0x mentioned this pull request May 12, 2026
Merged
13 tasks
nullcopy
nullcopy approved these changes May 12, 2026
View reviewed changes

@nullcopy nullcopy left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK 23144bb

@nullcopy nullcopy merged commit 3d39e56 into main May 12, 2026
15 checks passed
@nullcopy nullcopy deleted the greg/voting-delegation-proof branch May 12, 2026 18:33
@linear

linear Bot commented Jun 1, 2026

Copy link
Copy Markdown

MOB-1109

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@noop-sk noop-sk noop-sk left review comments

@nullcopy nullcopy nullcopy approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@greg0x @nullcopy @noop-sk